DETAILED ACTION

This is a response to a Request for Continued Examination filed on October 20, 2008. 
Claims 1-33, 37, and 39 are currently pending. 

Response to Arguments 
1. Applicant's arguments, see Remarks and Amendments, filed October 20, 2008,
with respect to the rejection(s) of claim(s) 1-33, 37, and 39 have been fully considered 
and are persuasive. Therefore, the rejection has been withdrawn. However, upon 
further consideration, a new ground(s) of rejection is made with regard to claims 1-20 in 
view of new prior art. 

Allowable Subject Matter 

1. Claims 21-33, 37, and 39 are allowed.

Claim Rejections - 35 USC § 102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form 
the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

1. Claims 1, 3-5, 7-8, 10-15, and 18-20 are rejected under 35 U.S.C. 102(e) as
being anticipated by Eisenberg [US 2003/0188001 A1]. 

Regarding claim 1, Eisenberg teaches a computer-implemented method, comprising: 
receiving, by an operating system and/or an enforcement module which is associated
with or is part of the operating system [Eisenberg 4: 0066-0067], a call [Eisenberg 5:
0081] from a firewall aware application [Eisenberg 7: 0099] via a first application
programming interface [Eisenberg 4: 0073, 0086 -- API], the call having parameters for
a connection to an endpoint that the firewall aware application desires to establish 
[Eisenberg 7: 0101-0102], whereby the firewall aware application explicitly 
communicates a request to traverse a firewall to establish the connection [Eisenberg 7: 
0103], the request is being directed to a specific socket [Eisenberg 7: 0109] and 
includes handling requirements for data sent and/or received by the firewall aware 
application [Eisenberg 7: 0109]; and making, by the operating system and/or the 
enforcement module, a call via a second application programming interface to the 
firewall to establish the connection in accordance with the parameters [Eisenberg 6: 
0087 -- TSP layer creates and maintains a tunnel "through the firewall" via "TCP port of
choice." It would have been evident for the TSP of a TP to make a call to the firewall to 
open the TCP port of choice.]. 

Regarding claim 3, Eisenberg teaches the method of claim 1, wherein the parameters
comprise a known endpoint to which the application would like to be connected 
[Eisenberg 7: 0108]. 

Regarding claim 4, Eisenberg teaches the method of claim 3, wherein the parameters 
further comprise a request to limit the connection to a single connection [Eisenberg 7: 
0109-0110 -- negotiations limiting to a single TCP connection for tunneling.].

Regarding claim 5, Eisenberg teaches the method of claim 4, further comprising, after
the connection has been established, closing the connection in accordance with the
request [Eisenberg 8: 0116]. 

Regarding claim 7, Eisenberg teaches the method of claim 1, wherein the parameters
comprise limiting the connection to a subset of interfaces, local addresses, or remote 
addresses, or combinations thereof [Eisenberg 7: 0109]. 

Regarding claim 8, Eisenberg teaches the method of claim 1, wherein the parameters
comprise a timeout policy for the connection [Eisenberg 8: 0116].

Regarding claim 10, Eisenberg teaches the method of claim 1, wherein the parameters
comprise information about a property of a flow that requires special handling 
[Eisenberg 7: 0108]. 

Regarding claim 11, Eisenberg teaches the method of claim 10, wherein the information
comprises a request for authentication or encryption [Eisenberg 7: 0108 -- Connections
over https comprises authentication and encryption]. 

Regarding claim 12, Eisenberg teaches the method of claim 1, wherein the application
explicitly communicates the request to establish the connection by opening a listening 
socket [Eisenberg 5: 0081]. 

Regarding claim 13, Eisenberg teaches the method of claim 1, wherein the application 
explicitly communicates the request to establish the connection by connecting to a 
socket [Eisenberg 5: 0081 -- https is over a socket layer.].

Regarding claim 14, Eisenberg teaches the method of claim 1, wherein the call to the
firewall is made via a firewall application programming interface [Eisenberg 4: 0073,
0086 -- API].

Regarding claim 15, Eisenberg teaches the method of claim 1, wherein the firewall is
located on a computer with the application [Eisenberg Fig 2a].

Claims 18 and 19 are rejected because they are directed to the same subject matter as
claim 1. 

Claim 20 is rejected because it is directed to the same subject matter as claim 14. 

Claim Rejections - 35 USC § 103 
The text of those sections of Title 35, U.S. Code not included in this action can be found 
in a prior Office action. 

Claim 2 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Eisenberg [US 2003/0188001 A1], and further in view of Coley [US 5826014]. 

Regarding claim 2, Eisenberg does not teach, at the firewall, evaluating the 
parameters with respect to a policy and, if the parameters meet the policy, establishing 
the network connection in accordance with the parameters. 

Coley teaches at a firewall, evaluating connection parameters with respect to a policy 
and, if the parameters meet the policy [Coley 8: 1-16], establishing the network 
connection in accordance with the parameters [Coley 9: 1-31] [Coley 10: 35-39].

It would have been obvious to one of ordinary skill in the art at the time of invention to
modify Eisenberg by having at the firewall, an evaluation of connection parameters with 
respect to a policy as taught by Coley. The suggestion/motivation would have been to 
make valid connections by the firewall based on an established policy.

Claim 6 is rejected under 35 U.S.C. 103(a) as being unpatentable over Eisenberg [US
2003/0188001 A1], and further in view of Hedge [US 6925495 B2].

Regarding claim 6, Eisenberg does not explicitly teach wherein the parameters comprise a
request for bandwidth or connection throttling for the connection.

Hedge teaches a computer-implemented method, comprising: receiving a call from an
application [US 6925495 B2, Fig 5, Itm 510 -- Examiner notes that an application is
inherent in a requesting device], the call having parameters for a connection to an 
endpoint that the application desires to establish [US 6925495 B2, Fig 8], whereby the 
application explicitly communicates a request to establish the connection and making a 
call to a firewall to establish the connection in accordance with the parameters [US 
6925495 B2, Col 13, Ln 22-31], wherein the parameters comprise a request for 
bandwidth or connection throttling for the connection [US 6925495 B2, Col 16, Ln 10- 
11]. 

It would have been obvious to one of ordinary skill in the art at the time of invention to 
accommodate a request for bandwidth or connection throttling as one of the parameters 
as taught by Hedge. The suggestion/motivation for the accommodation of bandwidth 
request is that since many sites rely on the user having a high bandwidth when 
streaming media to the user, bandwidth allocation is needed in a firewall to optimize 
content delivery [US 6925495 B2, Col 1, Ln 47-50]. Hedge is an analogous art because
Hedge solves the problem of optimizing content delivery over a network by requesting
and accommodating bandwidth allocation.

1. Claim 9 is rejected under 35 U.S.C. 103(a) as being unpatentable over Eisenberg
[US 2003/0188001 A1], and further in view of Keane [US 2003/0131263 A1].

Regarding claim 9, Eisenberg does not teach wherein the parameters comprise turning
off or on specific protocol options. 

Keane teaches a computer-implemented method, comprising: receiving a call [US 
2003/0131263 A1, Fig 8, Itm 800 -- Examiner notes that receiving packets to be
transported across a network is evidence of receiving a call.] from an application [US
2003/0131263 A1, Pg 6, Par 0066 -- Examiner notes that network interfaces are
application interface receiving the packets.], the call having parameters for a connection
to an endpoint that the application desires to establish [US 2003/0131263 A1, Fig 6,7],
whereby the application explicitly communicates a request to establish the connection 
and making a call to a firewall to establish the connection in accordance with the 
parameters [US 2003/0131263 A1, Pg 7, Par 0081], wherein the parameters comprise 
turning off or on specific protocol options [US 2003/0131263 A1, Pg 7, Par 0084].

It would have been obvious to one of ordinary skill in the art at the time of invention to
accommodate the specific protocol options as taught by Keane. The 
suggestion/motivation for the accommodation of specific protocol options is to provide 
information to the firewall for evaluation of a packet whose specific protocol options may 
be set [US 2003/0131263 A1, Pg 7, Par 0084]. Keane is an analogous art because
Keane is in the same field of transmitting packet content across a network using firewall
modules.

2. Claims 16-17 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Eisenberg [US 2003/0188001 A1], and further in view of Chen [US 7000006 B1].

Regarding claim 16, Eisenberg does not teach wherein the firewall comprises an edge
firewall, and further comprising an agent to communicate information to the edge 
firewall about the connection. 

Chen teaches a computer-implemented method, comprising: receiving a call from an 
application via an application programming interface and making a call to a firewall to 
establish the connection [US 7000006 B1, Col 9, Ln 21-29], wherein the firewall 
comprises an edge firewall, and further comprising an agent to communicate 
information to the edge firewall about the connection [US 7000006 B1, Col 9, Ln 21-29
-- Examiner notes that intercepting communications to a corresponding secure domain
is evidence of an application agent providing such functions.].

It would have been obvious to one of ordinary skill in the art at the time of invention to
implement edge firewalls as taught by Chen. The suggestion/motivation for combining 
Chen would have been to reduce the amount of processing time involved in configuring 
networks for policy managements [US 7000006 B1, Col 1, Ln 40-47] because the
network can be abstracted into domains thus having reduced topology and internal
connectivity [US 7000006 B1, Col 1, Ln 51-59] which is made possible by implementing
edge firewalls. Chen is an analogous art because Chen solves the problem of being 
able to reduce the amount of processing time involved in configuring networks for policy 
managements.

Regarding claim 17, Eisenberg in view of Chen teaches the method of claim 1, wherein
the firewall comprises an edge firewall [US 7000006 B1, Col 9, Ln 21-29], and further 
comprising an authenticated protocol [US 7000006 B1, Col 2, Ln 65-67 -- Examiner 
notes authentication modules is evidence of authenticated protocols.] to communicate 
information to the edge firewall about the connection. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to MARTIN JERIKO P. SAN JUAN whose telephone 
number is (571) 272-7875. The examiner can normally be reached on M-F 8:30a -
6:00p EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. 

/MJSJ/ 

Martin Jeriko San Juan 
Examiner, Art Unit 2432 



/Gilberto Barron Jr/ 

Supervisory Patent Examiner, Art Unit 2432 



